Web Application Firewalls Tutorial Guide

There are millions of websites on the internet and billions of web pages. The enhancement of web 2.0 has also bought a different dimension into the world of web which lets people interact directly with websites.

However there are also many common threats out there targeted at websites. Common examples include DOS attacks, Cross Site Scripting, SQL injection attacks and many more ways to exploit websites.

Most website owners can get away with most threats, and do not have a site valuable enough to invest into such security. However the more serious websites out there such as sites selling on the web doing some form of ecommerce, password protected sites like online banking, Facebook, and the shopping sites like Amazon, Argos, Asda and any major business really that is online for that matter, requires a high level of security.

Therefore vendors introduced dedicated appliances known as Web Application Firewalls. Two vendors in particular are Barracuda and Fortinet. Barracuda has a product known as Barracuda Web Application Firewall, and Fortinet’s product is the FortiWeb Web Application Security.

These web application firewalls are capable of inspecting the higher layers of the OSI models, in particular layer 4 through 7, also known as deep packet inspection. They are also able to normalise traffic into a standard format before running security checks, ensure packets are compliant to the protocols they are using and ability to decrypt application layer information, such as SSL traffic.

Below are the common attacks targeted at web servers;

SQL Injection –

Most websites, especially dynamic websites consist of a database. SQL Injections are commands executed against the database. This usually allows an attacker to modify the database, or expose some of it’s content.

Cross Site Scripting (XSS) –

This type of attack will inject client side scripts into websites. From here attackers can steal credentials (usernames and password) of users who attempt to log into the site.

Command Injection –

These are attacks using operating system commands. Attackers usually attempt this to achieve higher privilege levels of access to data.

Buffer Overflow.

This attack is to overflow more information than normal into an application or operating system. Attackers will attempt this to execute commands on the web server.

Parameter Tampering –

URLS are used in such a way to gain access to confidential data.

Cookie Poisoning –

Hackers attempt to expose cookies in order to steal passwords or steal another user’s identity.

All the above attacks can be prevented via Web application firewalls. They use techniques such as blocking hackers from inserting malicious scripts into the website URL's and headers, encrypting session cookies, enforcing buffer limits, inspecting all application layer traffic for known and unknown malicious threats and other techniques.

For further reading, there's some excellent electronic ebooks available for download fromeBooks.com